ShellShock - Remote Code Execution

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

RockyLinux 9 : dnsmasq (RLSA-2026:19373)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19373 advisory. dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890 dnsmasq:...

SUSE SLES12 Security Update : busybox (SUSE-SU-2026:2069-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2069-1 advisory. This update for busybox fixes the following issue - CVE-2026-29004: a crafted DHCPv6 response can lead to a heap buffer overflow in the DHCPv6 client...

Ubuntu 14.04 LTS : Dnsmasq vulnerability (USN-8311-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8311-1 advisory. Petr Menk discovered that Dnsmasq incorrectly handled certain input in the dhcprelease utility. A local attacker could possibly use this issue to cause Dnsmasq to...

CVE-2026-9430

A vulnerability was determined in Tenda F1202 1.2.0.20408. Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...

Oracle Linux 8 : dnsmasq (ELSA-2026-20589)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20589 advisory. - Prevent overflow in extractname function CVE-2026-2291 - Prevent DoS in DNSSEC validation CVE-2026-4890 - Prevent out-of-bounds read in DNSSEC...

Amazon Linux 2 : dnsmasq, --advisory ALAS2DNSMASQ-2026-004 (ALASDNSMASQ-2026-004)

The version of dnsmasq installed on the remote host is prior to 2.90-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DNSMASQ-2026-004 advisory. A Denial of Service DoS vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial o...

Ubuntu 26.04 LTS : Dnsmasq vulnerability (USN-8308-1)

The remote Ubuntu 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8308-1 advisory. It was discovered that Dnsmasq incorrectly handled BOOTREPLY packets when configured with the --dhcp- split-relay option. A remote attacker could use this issue t...

USN-8311-1: Dnsmasq vulnerability

Petr Menšík discovered that Dnsmasq incorrectly handled certain input in the dhcprelease utility. A local attacker could possibly use this issue to cause Dnsmasq to crash, resulting in a denial of service...

USN-8308-1 dnsmasq vulnerability

It was discovered that Dnsmasq incorrectly handled BOOTREPLY packets when configured with the --dhcp-split-relay option. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code...

Important: dnsmasq security update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890...

Important: dnsmasq

Issue Overview: A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet. CVE-2026-4892 An information disclosure vulnerability in dnsmasq allows remote attackers to...

CVE-2026-9482

A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may...

Security update for busybox

This update for busybox fixes the following issue CVE-2026-29004: Heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c bsc1263989. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

SUSE-SU-2026:2053-1 Security update for busybox

This update for busybox fixes the following issue - CVE-2026-29004: Heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c bsc1263989...

CVE-2026-9430

A vulnerability was determined in Tenda F1202 1.2.0.20408. Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...

CVE-2026-9430

A vulnerability was determined in Tenda F1202 1.2.0.20408. Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...

CVE-2026-9408

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be...

CVE-2026-9408 Totolink A8000RU Web Management cstecgi.cgi setStaticDhcpRules os command injection

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be...

PT-2026-43009

A vulnerability was determined in Tenda F1202 1.2.0.20408. Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...